Module org.elasticsearch.security
Class ClusterStateRoleMapper
java.lang.Object
org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
org.elasticsearch.xpack.security.authc.support.mapper.ClusterStateRoleMapper
- All Implemented Interfaces:
ClusterStateListener,UserRoleMapper
public class ClusterStateRoleMapper
extends AbstractRoleMapperClearRealmCache
implements ClusterStateListener
A role mapper the reads the role mapping rules (i.e.
ExpressionRoleMappings) from the cluster state
(i.e. RoleMappingMetadata). This is not enabled by default.-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper
UserRoleMapper.DistinguishedNameNormalizer, UserRoleMapper.DistinguishedNamePredicate, UserRoleMapper.UserData -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThis setting is never registered by the xpack security plugin - in order to disable the cluster-state based role mapper another plugin must register it as a boolean setting and set it to `false`. -
Constructor Summary
ConstructorsConstructorDescriptionClusterStateRoleMapper(Settings settings, ScriptService scriptService, ClusterService clusterService) -
Method Summary
Modifier and TypeMethodDescriptionvoidgetMappings(Set<String> names) booleanhasMapping(String name) voidresolveRoles(UserRoleMapper.UserData user, ActionListener<Set<String>> listener) Methods inherited from class org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
clearRealmCacheOnChange, clearRealmCachesOnAllNodes, clearRealmCachesOnLocalNode
-
Field Details
-
CLUSTER_STATE_ROLE_MAPPINGS_ENABLED
This setting is never registered by the xpack security plugin - in order to disable the cluster-state based role mapper another plugin must register it as a boolean setting and set it to `false`. If this setting is set totruethen:- Realms that make use role mappings (all realms but file and native) will, in addition, observe the role mappings set in the cluster state.
- Similarly, xpack security's
SecurityExtension.SecurityComponentsextensions will, additionally, observe the cluster state role mappings too. UserRoleMapperclass will be guice-bound to aCompositeRoleMapperof theNativeRoleMappingStoreand this mapper.
- See Also:
-
-
Constructor Details
-
ClusterStateRoleMapper
public ClusterStateRoleMapper(Settings settings, ScriptService scriptService, ClusterService clusterService)
-
-
Method Details
-
resolveRoles
- Specified by:
resolveRolesin interfaceUserRoleMapper
-
clusterChanged
- Specified by:
clusterChangedin interfaceClusterStateListener
-
hasMapping
-
getMappings
-
getMappings
-